The SSH Who Cried Wolf

Disclaimer: This article lowers the security of your SSH client connection and leaves you vulnerable to man in the middle attacks. For that I take no responsibility. If you follow the steps below you do so at your own risk.

TLDR

Add the following to your ~/.ssh/config file to make SSH shut up:

1

2

3

4

Host *

StrictHostKeyChecking no

UserKnownHostsFile /dev/null

LogLevel ERROR

Wolf! Wolf! The wolf is performing a MITM attack!

Have you ever seen this message when attempting to SSH somewhere?

1

2

3

4

5

6

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that the RSA host key has just been changed.

In theory I should investigate if there is indeed a MITM attack. In practice I get this message so often so I don’t care. It can happen without a MITM attack for a number of reasons. If you reinstall the machine behind the IP, swap the machine behind the IP, or simply have dynamically assigned IPs that vary over time.

Because of this we have a cry wolf issue where the message can’t be taken seriously and rather just annoy in day to day work. Bundled with the glorious cry wolf feature we also have these messages:

1

2

3

4

5

The authenticity of host '192.168.0.100 (192.168.0.100)' can't be established.